Description
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity.
Mitigation
This flaw can be mitigated by disabling HTTP/2. More information is available at: https://httpd.apache.org/docs/2.4/mod/mod_http2.html
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | httpd | Out of support scope | | |
Red Hat Enterprise Linux 7 | httpd | Out of support scope | | |
Red Hat Enterprise Linux 9 | httpd | Not affected | | |
Red Hat JBoss Enterprise Application Platform 6 | httpd22 | Not affected | | |
Red Hat JBoss Enterprise Web Server 2 | httpd22 | Not affected | | |
JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2022:7143 | 26.10.2022 |
JBoss Core Services on RHEL 7 | jbcs-httpd24-httpd | Fixed | RHSA-2022:7143 | 26.10.2022 |
Red Hat Enterprise Linux 8 | httpd | Fixed | RHSA-2022:1915 | 10.05.2022 |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | httpd24-httpd | Fixed | RHSA-2022:6753 | 29.09.2022 |
Text-Only JBCS | httpd | Fixed | RHSA-2022:7144 | 26.10.2022 |
Additional information
Status:
EPSS
CVSS3: 7.5 High